From owner-freebsd-questions@FreeBSD.ORG Sun Jun 18 20:57:05 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA2B216A474 for ; Sun, 18 Jun 2006 20:57:05 +0000 (UTC) (envelope-from dwc@stilyagin.com) Received: from puffy.asicommunications.com (puffy.asicommunications.com [216.9.200.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 939BE43D49 for ; Sun, 18 Jun 2006 20:57:05 +0000 (GMT) (envelope-from dwc@stilyagin.com) Received: from jeeves.stilyagin.local (70-58-113-174.phnx.qwest.net [70.58.113.174]) by puffy.asicommunications.com (8.13.4/8.13.3) with ESMTP id k5IKv33Q001728 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Sun, 18 Jun 2006 13:57:04 -0700 (MST) Received: (from dwc@localhost) by jeeves.stilyagin.local (8.13.4/8.13.4/Submit) id k5IKuuJB008967; Sun, 18 Jun 2006 13:56:56 -0700 (MST) Date: Sun, 18 Jun 2006 13:56:56 -0700 From: Darrin Chandler To: "J.D. Bronson" Message-ID: <20060618205656.GA4974@jeeves.stilyagin.local> References: <7.0.1.0.2.20060616135513.00e743b0@sixcompanies.com> <20060616191028.GB9804@jeeves.stilyagin.local> <7.0.1.0.2.20060616141226.00e743b0@sixcompanies.com> <20060616192734.GC9804@jeeves.stilyagin.local> <7.0.1.0.2.20060616142931.00e743b0@sixcompanies.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7.0.1.0.2.20060616142931.00e743b0@sixcompanies.com> User-Agent: Mutt/1.4.2i Cc: freebsd-questions@freebsd.org Subject: Re: pf + ftp throughput X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2006 20:57:06 -0000 On Fri, Jun 16, 2006 at 02:31:07PM -0500, J.D. Bronson wrote: > for a trial, I am going to fire up a drive loaded with OpenBSD 3.9 > and PF and see if there is anything better/worse with the same pf.conf > file. I've been playing at home, trying to reproduce this behavior (sparc64, OpenBSD). I haven't done so yet, but I don't have the best test cases. I tried with a 12M file across the 'net, and what looked like the same issue went away, so it was just fluctuations on the net. I tried the same file from the firewall itself to a client, and times are virtually identical. What I really need is two local clients going through the firewall. If I get that going I'll let you know what I find. FWIW, I Googled pretty heavily for this and didn't turn up much. I found one mailing list message from years ago describing *exactly* the same problem. Unfortunately I didn't see any followups or further problem reports. Are you also doing nat/rdr on this box? Have you run tcpdump on the pflog interface to make sure you're matching the rules you think? I'd like to track this down, so please feel free to send me any info you think pertains to this. -- Darrin Chandler | Phoenix BSD Users Group dwchandler@stilyagin.com | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |